Like the typical fairytale, the internet is full of black hat programmers (the bad guys) and white hat programmers (the good guys). There are also gray hats, but let’s not get into that right now.
Malware creators – typically black hats – have identified how to keep flooding the online and mobile advertising space with thousands of new, distinct virus variants simultaneously. They know how much time it takes to detect a new virus and develop protection against it, and they use this lag to their advantage.
The increasing volume of malware and malicious activity leads me to believe that a list of all of the elements involved in this world – and a description of their purpose – might be helpful in the good fight, especially for those just entering the field.
Included in this list will be terms like APT (Advanced Persistent Threats), scareware, MITM attacks, cookie stuffing, and other threats posed to publishers and their users. Having grown up in the age where the good guys always win, I hope this list helps educate you and your team in the fight against malware and malicious activity. (This list is organized in a typical ABC format, so you can scroll to the letter of your choosing!)
And in the hope of keeping this list as up to date as possible, do let me know if I missed one!
Adware
In its most innocent form, adware is any code designed to insert advertisements onto websites, apps or software packages in order to drive revenue through page views, downloads or other conversions. In worst case scenarios, on publisher websites, adware can interrupt and harm the user’s experience and may even hide destructive malware.
The process of forcing a user to download unwanted software to their computer or mobile device. With malicious adware or malvertising (discussed in M), the software can force out or replace legitimate advertising assets.
Also known as “browser hijacking,” this is the process of taking over a user’s web browser for the purpose of misdirecting that user to another site without their knowledge or permission. In some cases, interstitial ads will prompt user engagement, which may grant system permission to the malware.
Commonly associated with fraudulent CPM activity — where the advertiser is paying per impression — auto refresh compromises the user experience by interrupting site visits and app sessions.
Advanced Persistent Threats (APT)
Describing a class of attacker rather than a tool, these are advanced, organized professionals with the focus and resources to conduct sustained malicious activity. They typically fall into three categories: nation-states, organized crime groups and hacktivists. Nation-state attackers look to glean intellectual property and private communications. Organized crime groups are often focused on financial gain through credit fraud, identity theft, and exploitation. Hacktivists seek to cause financial harm to companies that they see as an impediment to their cause, or to do something likely to garner them headlines.
APTs often start with a simple attack vector, such as spear phishing, but continue with other methods until they succeed. In addition, the attacks are not designed just to get in, grab one piece of information, and get out. The attackers will often remain in the system for long periods of time, even years, to glean as much information as possible.
Ad Verification Service
Typically a third party, these service providers scan creative assets and targeted landing pages to identify malware, malicious activities, and other inappropriate campaigns. For publishers, an ad verification service plays a critical role in malware protection, particularly for ongoing campaigns that are susceptible to corruption.
Backdoor
A method for bypassing normal security and authentication routines, often used by programmers during development to save time. When left in place, backdoors can create serious vulnerabilities for publishers who run their websites using “off-the-shelf” software.
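As an added illustration of the backdoor pattern described above (this is example code written for this glossary, not code from any real product), the first login function keeps a hypothetical development-time master password that accepts any account, and the second shows the same check with the bypass removed and a constant-time digest comparison. The user store, salt and passwords are constructed for the example.

```python
import hashlib
import hmac

# Constructed user store for this example: username -> (salt, PBKDF2-SHA256 digest).
# The salt is fixed so the example is deterministic; real code draws one per user
# from os.urandom().
_SALT = b"constructed-example-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

# Hypothetical leftover from development: a master password that skips the real check.
DEBUG_MASTER_PASSWORD = "letmein-dev"


def login_with_backdoor(username: str, password: str) -> bool:
    """Vulnerable: the development bypass was never removed before release."""
    if password == DEBUG_MASTER_PASSWORD:  # backdoor: any username, no record needed
        return True
    record = USERS.get(username)
    if record is None:
        return False
    salt, digest = record
    return _hash_password(password, salt) == digest


def login_hardened(username: str, password: str) -> bool:
    """Fixed: no bypass path, and a constant-time comparison of the digests."""
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for unknown users so that response time
        # does not reveal which usernames exist.
        _hash_password(password, _SALT)
        return False
    salt, digest = record
    return hmac.compare_digest(_hash_password(password, salt), digest)


if __name__ == "__main__":
    print("backdoor, unknown user + master password:", login_with_backdoor("mallory", "letmein-dev"))
    print("hardened, same attempt:", login_hardened("mallory", "letmein-dev"))
    print("hardened, real credentials:", login_hardened("alice", "correct horse"))
```

The defensive point is the shape of the vulnerable function: a comparison against a constant that short-circuits the credential lookup. A code review or a grep for string literals compared to a password field finds this class of leftover before it ships.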
Bot
Short for “robot,” a bot is a program that simulates human activity. Bots can be used by criminals to uncover vulnerabilities on individual and network computer systems — and then install malicious software. A computer that’s been hijacked by malware may become a bot (sometimes also called a “zombie”) and put to criminal use.
Botnet
A collection of bots, coordinated by a central system to execute functions that require large amounts of computing power. An individual computer owner may have no idea that his or her computer is part of a botnet.
A common warning that malware has been discovered on a particular website or app. Knowing that “Contains No Malware” is increasingly difficult to guarantee, many publishers rely instead on disclaimers in their Terms of Service, stating that they’ve done their best to provide a risk-free user experience and cannot be held responsible for damages.
Cookie Stuffing
Also known as “cookie dropping,” the practice of providing a client with falsified cookies to give the impression that a user had visited other domains, without the user being aware of it. This is a common trick to defraud affiliate advertising programs.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Techniques vary, but the most common DoS/DDoS attacks involve flooding the victim’s servers with an unmanageable amount of requests, causing them to overload and essentially shut down. Malware-infected botnets are typically used to carry out these attacks without the owner’s knowledge.
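As an added example of detecting the request flood described above (written for this glossary, not taken from any product), the code below parses common-format web server log lines and keeps a per-client sliding window, reporting any client whose request count inside a ten-second window reaches a threshold. The log lines, client addresses (TEST-NET ranges) and threshold are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format prefix: client IP, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return (client_ip, timestamp) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def find_flooders(lines, window_seconds: int = 10, threshold: int = 50) -> dict:
    """Sliding-window request count per client.  Returns {ip: peak requests seen
    in any window} for clients whose peak reached the threshold.  Lines are
    assumed to be in chronological order per client, as a server log normally is."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the current window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > peak.get(ip, 0):
            peak[ip] = len(q)
    return {ip: n for ip, n in peak.items() if n >= threshold}


def _log_line(ip: str, ts: datetime) -> str:
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET /index.html HTTP/1.1" 200 512'


def make_sample_log() -> list:
    """Constructed access log: one client sends 120 requests in six seconds,
    another sends five requests spread over ten seconds (normal browsing)."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [("203.0.113.5", base + timedelta(milliseconds=50 * i)) for i in range(120)]
    events += [("198.51.100.7", base + timedelta(seconds=2 * i)) for i in range(5)]
    events.sort(key=lambda e: e[1])
    return [_log_line(ip, ts) for ip, ts in events]


if __name__ == "__main__":
    for ip, n in find_flooders(make_sample_log()).items():
        print(f"{ip}: {n} requests within a 10s window")
```

A single-source threshold like this catches a DoS from one machine; a distributed attack spreads the load across many bots, so the same window logic is also worth running on the aggregate request rate and on the count of distinct clients, where a sudden jump is the signal.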
A specific kind of malware used to take remote control of a user’s computer and, typically, add it to a botnet.
The act of including unwanted malware alongside legitimate software.
Exploit
A piece of software, chunk of data, or sequence of commands used to attack a computer system or software. The term’s origin points to the fact that most attacks take advantage of bugs or vulnerabilities, rather than relying on so-called “brute force,” which overpowers security systems.
Firewall
A protective barrier placed between internal and external systems, software, and users.
Grayware
As the name implies, software that walks the line between being legitimate and nefarious. For example, unwanted adware that does nothing more than display pop-up ads might be considered grayware. Some publishers may have a greater tolerance for grayware appearing in their inventory.
Ads placed in such a manner that they are never viewable. For example, stacked ads, ads clipped by iframes and zero-opacity ads.
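As an added example of how an ad verification check can flag the three hiding techniques named above (example code written for this glossary, not any vendor’s implementation), the audit below works on a page layout described as rectangles: it reports zero-opacity slots, slots whose containing iframe clips them, slots outside the viewport, and slots stacked under another slot with a higher z-index. The layout, slot names and the 50% visible-area threshold are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rect:
    x: float
    y: float
    w: float
    h: float

    def area(self) -> float:
        return max(self.w, 0.0) * max(self.h, 0.0)

    def intersect(self, other: "Rect") -> "Rect":
        x1, y1 = max(self.x, other.x), max(self.y, other.y)
        x2 = min(self.x + self.w, other.x + other.w)
        y2 = min(self.y + self.h, other.y + other.h)
        return Rect(x1, y1, max(0.0, x2 - x1), max(0.0, y2 - y1))


@dataclass
class AdSlot:
    slot_id: str
    rect: Rect                    # slot position in page coordinates
    opacity: float = 1.0
    z_index: int = 0
    frame: Optional[Rect] = None  # clipping box of the iframe the slot lives in, if any


def audit_slot(slot: AdSlot, viewport: Rect, all_slots: List[AdSlot],
               min_visible: float = 0.5) -> List[str]:
    """Return the reasons (if any) the slot cannot count as viewable.
    min_visible is the fraction of the slot's pixels that must be visible."""
    issues = []
    total = slot.rect.area()
    if total == 0:
        return ["zero-size"]
    if slot.opacity == 0:
        issues.append("zero-opacity")
    if slot.frame is not None and slot.rect.intersect(slot.frame).area() < total * min_visible:
        issues.append("clipped-by-iframe")
    if slot.rect.intersect(viewport).area() < total * min_visible:
        issues.append("out-of-viewport")
    # Stacked ads: report every other slot with a higher z-index that covers at
    # least min_visible of this slot.  Overlaps are checked one slot at a time,
    # which is enough for the usual case of slots placed directly on top of each other.
    for other in all_slots:
        if other.slot_id == slot.slot_id or other.z_index <= slot.z_index:
            continue
        if slot.rect.intersect(other.rect).area() >= total * min_visible:
            issues.append(f"stacked-under-{other.slot_id}")
    return issues


def audit_page(slots: List[AdSlot], viewport: Rect) -> Dict[str, List[str]]:
    return {s.slot_id: audit_slot(s, viewport, slots) for s in slots}


# Constructed page layout for the example.
VIEWPORT = Rect(0, 0, 1280, 800)
SAMPLE_SLOTS = [
    AdSlot("banner", Rect(100, 50, 728, 90)),
    AdSlot("ghost", Rect(100, 50, 728, 90), opacity=0.0),
    AdSlot("stack-bottom", Rect(100, 300, 300, 250), z_index=0),
    AdSlot("stack-top", Rect(100, 300, 300, 250), z_index=1),
    AdSlot("clipped", Rect(0, 0, 300, 250), frame=Rect(0, 0, 300, 1)),
    AdSlot("offscreen", Rect(5000, 5000, 300, 250)),
]

if __name__ == "__main__":
    for slot_id, issues in audit_page(SAMPLE_SLOTS, VIEWPORT).items():
        print(f"{slot_id}: {'viewable' if not issues else ', '.join(issues)}")
```

In a browser the same geometry comes from `getBoundingClientRect()` and computed styles; the point of the rectangle model is that every one of these hiding tricks reduces to “fewer than half of the slot’s pixels can reach the user’s eyes,” which is a single measurable condition rather than a list of CSS patterns to enumerate.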
Hosts File
A file containing the names and IP addresses of other computing systems, including websites. Hackers can spoof (discussed in S) a hosts file, opening the victim’s computer to attack.
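As an added example of checking a hosts file for tampering (written for this glossary; the watched hostnames, file contents and addresses are constructed), the code parses hosts-file text, compares its digest against a recorded baseline, and flags any entry that overrides a hostname the user depends on or that carries an address that is not a valid IP. On Linux and macOS the file lives at /etc/hosts, on Windows at C:\Windows\System32\drivers\etc\hosts.

```python
import hashlib
import ipaddress
from typing import List, Tuple

# Watched hostnames (constructed for the example): sites a user relies on for
# banking, e-mail and software updates.  None of these should ever appear in a
# local hosts file, so any entry for them is suspicious.
WATCHED = {"www.bank.example", "mail.example", "update.example"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Parse hosts-file text into (ip, hostname) pairs, one pair per hostname.
    Comments (#) and blank lines are ignored; a line may list several names."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def find_suspicious(entries, watched=WATCHED) -> List[Tuple[str, str, str]]:
    """Flag entries that override a watched hostname and entries whose address
    field is not a valid IP (malformed lines are a common sign of a scripted edit)."""
    flagged = []
    for ip, name in entries:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "invalid-address"))
            continue
        if name in watched:
            flagged.append((ip, name, "watched-host-overridden"))
    return flagged


def digest(text: str) -> str:
    """SHA-256 of the file content, for comparison with a recorded baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed hosts-file contents: the baseline holds ordinary loopback entries;
# the tampered copy adds a line pinning a watched hostname to an external
# address in the TEST-NET range.
BASELINE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.1.1   workstation   # distro default
"""
TAMPERED_HOSTS = BASELINE_HOSTS + "203.0.113.9  www.bank.example bank.example\n"

if __name__ == "__main__":
    if digest(TAMPERED_HOSTS) != digest(BASELINE_HOSTS):
        print("hosts file differs from baseline")
    for ip, name, reason in find_suspicious(parse_hosts(TAMPERED_HOSTS)):
        print(f"{reason}: {name} -> {ip}")
```

The digest comparison catches any change at all, which is the right first check for a file that legitimately changes almost never; the entry-level check then says what changed, so an alert can name the redirected site instead of only reporting “file modified.”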
Keylogger
Software that records keystrokes to covertly capture a user’s password and other credentials (see also spyware).
Macro Virus
Malicious software written in the macro language built into a specific program. In the 1990s, Microsoft Excel was famously infected by macro viruses that were passed along unknowingly within spreadsheets.
Malvertising
The use of online advertising to spread malware.
Man-in-the-Browser (MITB) and Man-in-the-Middle (MITM) Attacks
By inserting themselves into a transaction without detection, MITB and MITM attackers intercept sensitive data — but typically allow the transaction to continue. For example, a hacker might sit “in the middle” of a bank transfer, collecting the user’s account information; the transfer is not actually interrupted, leaving the attacker undetected.
Personally Identifiable Information (PII)
A legal term that can include an individual’s name, birth date, social security number, account numbers, email address and so forth. Gathered by malware, PII is traded openly on the black market, with the most sensitive data commanding the highest prices. Even seemingly innocuous personal details, such as those gathered by many publishers, can gain value when paired with data stolen from other sites.
Phishing
Typically attributed to malware, phishing is actually malicious activity and NOT malware. The differentiating factor here is that there is no software involved, just deception. The attackers acquire sensitive details by masquerading as a trusted authority.
Publishers are particularly vulnerable to phishing attacks on their subscribers, who may reflexively trust an email that looks legitimate at a quick glance.
Pharming
A form of phishing in which pharmers redirect unsuspecting users to a malicious website, often by spoofing (discussed in S) the legitimate destination. The purpose can be stealing PII, installing a specific kind of malware, or adding the victim’s computer to a botnet.
Plug-in
A small piece of software installed within a larger program, often to add functionality. Installing plug-ins recklessly, without confirming their origins, is a popular cause of malware intrusions. Publisher platforms, such as WordPress, rely heavily on plug-ins and must be continuously monitored for malware attacks.
Port Scanning
Using software designed to probe the connection points (or “ports”) on servers and individual computers, malware can find vulnerabilities before IT has time to install a patch.
Potentially Unwanted Application (PUA) and Potentially Unwanted Program (PUP)
Related to grayware, PUAs and PUPs are applications, programs, or plug-ins that may be relatively harmless, like adware, or may hide destructive code such as a virus (discussed in V) or worm (discussed in W).
Ransomware
A popular new form of malware that takes control of a user’s files, computer or server, then demands payment to release the data or controls. Ransomware has gained popularity in part due to Bitcoin, which makes it possible to receive ransom payments anonymously.
Root Access
The Holy Grail for hackers, root access gives the user supreme authority on a computer or network. In other words, they have total control and impunity to install malware.
Rootkit
Software used by hackers to gain root-level access.
Scareware
Typically masquerading as adware, scareware is designed to frighten users into believing their systems are vulnerable, prompting them to install a solution. The new installation, of course, is the true malware.
Social Engineering
The spycraft of hacking, social engineering is the process of impersonating an individual to gain access to sensitive information. Often, hackers use one part of an individual’s personal details to gain access to more data: for example, using part of a stolen social security number to reset a Gmail password, then using that Gmail account to reset a bank account password. Malware is used to automate part of the process; by posing as a friend on a social network, for example, malware can prompt a victim to divulge sensitive information.
Spoofing
The act of falsely representing a known website, service or email address in the hope of prompting users to install malware or divulge sensitive personal data.
Spyware
Software that gathers personal or organizational details without the user’s knowledge or consent.
Trojan Horse Virus
Named for the Trojan Horse in Virgil’s “Aeneid,” these viruses appear to be innocent but actually conceal dangerous malware. Unlike worms and traditional viruses, Trojans don’t spread on their own — they trick users into installing them. Once in place, they can download even more malware, steal personal information, or turn over root-level access to hackers.
Vector
The method that malicious code uses to propagate itself or infect a computer.
Virus
Software, a plug-in, or another type of code designed to wreak havoc on a computer, typically by attaching itself to existing software.
Worm
Related to viruses, worms are also designed to duplicate and distribute themselves across a system or network. Unlike viruses, which attach to specific software, worms are generally standalone, relying instead on vulnerabilities to spread.
Zero-Day
Also known as Zero-Hour, this is the breach window in which a vulnerability that is unknown to, or unpatched by, the vendor is exploited.